Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
auto-publish-created-skills
v0.1.0Automatically publish newly created local skills to ClawHub after the skill has been reviewed and committed, when the user has explicitly requested ongoing C...
⭐ 0· 174·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill intends to publish local skills to ClawHub and its SKILL.md instructs the agent to run real ClawHub commands and a publish script. However, the registry metadata declares no required binaries or files even though the instructions explicitly require a 'clawhub' CLI and a local script at 'skills/clawhub-publish-flow/scripts/publish_to_clawhub.js'. That omission is an incoherence: a publishing workflow legitimately needs these tools declared.
Instruction Scope
The instructions stay within the stated task (identify workspace/skills, check login, inspect remote, run publish script, verify). They reference reading the workspace skill directory and executing a local publish script, which is expected for this task. However, the publish script is an external artifact outside the skill bundle; the instructions give the agent discretion to run it without documenting what that script does, which broadens the runtime scope in ways the user should review.
Install Mechanism
This is an instruction-only skill with no install spec or code files, which is low-risk in terms of automatic code install. The workflow relies on existing local tools and scripts rather than installing new packages.
Credentials
The skill declares no required environment variables but requires a 'local ClawHub session' to be authenticated. That relies on existing local credentials/session state (CLI tokens, cookies, etc.). While not necessarily inappropriate, the skill should explicitly document the CLI dependency and what credentials/session it will use so users can judge whether granting local access is acceptable.
Persistence & Privilege
The skill is not always:true and is user-invocable; model invocation is allowed (the platform default). There is no request to modify other skills or system-wide settings. Autonomous invocation is potentially sensitive here because the skill can publish assets, but that is not combined with other high-privilege requests in this package.
What to consider before installing
Before installing or enabling this skill, verify the following: (1) You have the 'clawhub' CLI installed and authenticated in the environment the assistant will run in; (2) the file 'skills/clawhub-publish-flow/scripts/publish_to_clawhub.js' actually exists in your workspace and you (not an untrusted third party) provided it — inspect its contents to ensure it does only the expected publish steps and does not exfiltrate data; (3) confirm you want the assistant to have the ability to run local CLI commands that perform publishes (disable autonomous invocation if you prefer to approve each publish manually). The main red flag is the skill metadata failing to declare required tools and the unspecified provenance of the publish script — ask the skill author to list dependencies and provide the publish script source before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk972kja0j7wcnjhcg2nrb6a12s82v06f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.